aws-sdk-core 3.130.2 → 3.132.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +42 -1
- data/VERSION +1 -1
- data/lib/aws-sdk-core/assume_role_credentials.rb +5 -10
- data/lib/aws-sdk-core/assume_role_web_identity_credentials.rb +6 -7
- data/lib/aws-sdk-core/ecs_credentials.rb +5 -0
- data/lib/aws-sdk-core/instance_profile_credentials.rb +5 -0
- data/lib/aws-sdk-core/pageable_response.rb +7 -0
- data/lib/aws-sdk-core/plugins/jsonvalue_converter.rb +34 -6
- data/lib/aws-sdk-core/plugins/recursion_detection.rb +3 -3
- data/lib/aws-sdk-core/process_credentials.rb +6 -9
- data/lib/aws-sdk-core/rest/handler.rb +1 -1
- data/lib/aws-sdk-core/shared_config.rb +2 -0
- data/lib/aws-sdk-core/sso_credentials.rb +8 -12
- data/lib/aws-sdk-core/structure.rb +6 -4
- data/lib/aws-sdk-core/xml/error_handler.rb +7 -0
- data/lib/aws-sdk-sso/client.rb +42 -14
- data/lib/aws-sdk-sso/types.rb +29 -20
- data/lib/aws-sdk-sso.rb +1 -1
- data/lib/aws-sdk-sts/client.rb +14 -5
- data/lib/aws-sdk-sts.rb +1 -1
- metadata +10 -4
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 834ced1c0e2ea4d743b2fc0cbe70ed75d6bcf57385521cd3c6ecded7e2eba288
|
4
|
+
data.tar.gz: cb7e8f63bc55a0ac685f0c1545fe95433e1b9a6397f4a41d264e3e01364772c0
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 4363ba1ee176a0656ca650ece2c0f816ccdb2e1dedc95db49c67d1277b90a6f797f5fbe3c7096de2a7b0335b47d02bfe127ea94d07f00961ce6e5b8a6380b120
|
7
|
+
data.tar.gz: 42518b3ea0ba92f776c1422f1c87b300c6bcd916e220184378b139987c5e00ad41d801231b1ce0c7c77ff88fa202de0bc22bb451887e00fbe6598f01cac5163d
|
data/CHANGELOG.md
CHANGED
@@ -1,6 +1,47 @@
|
|
1
1
|
Unreleased Changes
|
2
2
|
------------------
|
3
3
|
|
4
|
+
3.132.0 (2022-08-08)
|
5
|
+
------------------
|
6
|
+
|
7
|
+
* Feature - Updated Aws::SSO::Client with the latest API changes.
|
8
|
+
|
9
|
+
3.131.6 (2022-08-03)
|
10
|
+
------------------
|
11
|
+
|
12
|
+
* Issue - Fix typo in `RecursionDetection`, change amz to amzn in header and env name.
|
13
|
+
|
14
|
+
3.131.5 (2022-07-28)
|
15
|
+
------------------
|
16
|
+
|
17
|
+
* Issue - Fix `to_json` usage in nested hashes by defining `as_json` (#2733).
|
18
|
+
|
19
|
+
3.131.4 (2022-07-27)
|
20
|
+
------------------
|
21
|
+
|
22
|
+
* Issue - Fix `to_json` usage on pageable responses when using Rails (#2733).
|
23
|
+
* Issue - Use `expand_path` on credential/config paths in SharedConfig (#2735).
|
24
|
+
|
25
|
+
3.131.3 (2022-07-18)
|
26
|
+
------------------
|
27
|
+
|
28
|
+
* Issue - Add support for serializing shapes on the body with `jsonvalue` members.
|
29
|
+
|
30
|
+
3.131.2 (2022-06-20)
|
31
|
+
------------------
|
32
|
+
|
33
|
+
* Issue - Populate context :request_id for XML error responses.
|
34
|
+
|
35
|
+
3.131.1 (2022-05-20)
|
36
|
+
------------------
|
37
|
+
|
38
|
+
* Issue - Bump the minimum version of `jmespath` dependency.
|
39
|
+
|
40
|
+
3.131.0 (2022-05-16)
|
41
|
+
------------------
|
42
|
+
|
43
|
+
* Feature - Updated Aws::STS::Client with the latest API changes.
|
44
|
+
|
4
45
|
3.130.2 (2022-04-22)
|
5
46
|
------------------
|
6
47
|
|
@@ -50,7 +91,7 @@ Unreleased Changes
|
|
50
91
|
3.126.2 (2022-02-16)
|
51
92
|
------------------
|
52
93
|
|
53
|
-
* Issue - Add a before_refresh callback to AssumeRoleCredentials (#2529).
|
94
|
+
* Issue - Add a before_refresh callback to AssumeRoleCredentials (#2529).
|
54
95
|
* Issue - Raise a `NoSuchProfileError` when config and credentials files don't exist.
|
55
96
|
|
56
97
|
3.126.1 (2022-02-14)
|
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
3.
|
1
|
+
3.132.0
|
@@ -3,25 +3,20 @@
|
|
3
3
|
require 'set'
|
4
4
|
|
5
5
|
module Aws
|
6
|
-
|
7
|
-
#
|
8
|
-
# a role via {Aws::STS::Client#assume_role}.
|
6
|
+
# An auto-refreshing credential provider that assumes a role via
|
7
|
+
# {Aws::STS::Client#assume_role}.
|
9
8
|
#
|
10
9
|
# role_credentials = Aws::AssumeRoleCredentials.new(
|
11
10
|
# client: Aws::STS::Client.new(...),
|
12
11
|
# role_arn: "linked::account::arn",
|
13
12
|
# role_session_name: "session-name"
|
14
13
|
# )
|
15
|
-
#
|
16
14
|
# ec2 = Aws::EC2::Client.new(credentials: role_credentials)
|
17
15
|
#
|
18
|
-
# If you omit `:client` option, a new {STS::Client} object will be
|
19
|
-
# constructed.
|
16
|
+
# If you omit `:client` option, a new {Aws::STS::Client} object will be
|
17
|
+
# constructed with additional options that were provided.
|
20
18
|
#
|
21
|
-
#
|
22
|
-
# that can be used to help manage refreshing tokens.
|
23
|
-
# `before_refresh` is called when AWS credentials are required and need
|
24
|
-
# to be refreshed and it is called with the AssumeRoleCredentials object.
|
19
|
+
# @see Aws::STS::Client#assume_role
|
25
20
|
class AssumeRoleCredentials
|
26
21
|
|
27
22
|
include CredentialProvider
|
@@ -5,9 +5,8 @@ require 'securerandom'
|
|
5
5
|
require 'base64'
|
6
6
|
|
7
7
|
module Aws
|
8
|
-
|
9
|
-
#
|
10
|
-
# a role via {Aws::STS::Client#assume_role_with_web_identity}.
|
8
|
+
# An auto-refreshing credential provider that assumes a role via
|
9
|
+
# {Aws::STS::Client#assume_role_with_web_identity}.
|
11
10
|
#
|
12
11
|
# role_credentials = Aws::AssumeRoleWebIdentityCredentials.new(
|
13
12
|
# client: Aws::STS::Client.new(...),
|
@@ -16,12 +15,12 @@ module Aws
|
|
16
15
|
# role_session_name: "session-name"
|
17
16
|
# ...
|
18
17
|
# )
|
19
|
-
#
|
20
|
-
# @see Aws::STS::Client#assume_role_with_web_identity
|
18
|
+
# ec2 = Aws::EC2::Client.new(credentials: role_credentials)
|
21
19
|
#
|
20
|
+
# If you omit `:client` option, a new {Aws::STS::Client} object will be
|
21
|
+
# constructed with additional options that were provided.
|
22
22
|
#
|
23
|
-
#
|
24
|
-
# constructed.
|
23
|
+
# @see Aws::STS::Client#assume_role_with_web_identity
|
25
24
|
class AssumeRoleWebIdentityCredentials
|
26
25
|
|
27
26
|
include CredentialProvider
|
@@ -4,6 +4,11 @@ require 'time'
|
|
4
4
|
require 'net/http'
|
5
5
|
|
6
6
|
module Aws
|
7
|
+
# An auto-refreshing credential provider that loads credentials from
|
8
|
+
# instances running in ECS.
|
9
|
+
#
|
10
|
+
# ecs_credentials = Aws::ECSCredentials.new(retries: 3)
|
11
|
+
# ec2 = Aws::EC2::Client.new(credentials: ecs_credentials)
|
7
12
|
class ECSCredentials
|
8
13
|
|
9
14
|
include CredentialProvider
|
@@ -4,6 +4,11 @@ require 'time'
|
|
4
4
|
require 'net/http'
|
5
5
|
|
6
6
|
module Aws
|
7
|
+
# An auto-refreshing credential provider that loads credentials from
|
8
|
+
# EC2 instances.
|
9
|
+
#
|
10
|
+
# instance_credentials = Aws::InstanceProfileCredentials.new
|
11
|
+
# ec2 = Aws::EC2::Client.new(credentials: instance_credentials)
|
7
12
|
class InstanceProfileCredentials
|
8
13
|
include CredentialProvider
|
9
14
|
include RefreshingCredentials
|
@@ -146,6 +146,13 @@ module Aws
|
|
146
146
|
data.to_h
|
147
147
|
end
|
148
148
|
|
149
|
+
def as_json(_options = {})
|
150
|
+
data.to_h(data, as_json: true)
|
151
|
+
end
|
152
|
+
|
153
|
+
def to_json(options = {})
|
154
|
+
as_json.to_json(options)
|
155
|
+
end
|
149
156
|
end
|
150
157
|
|
151
158
|
# The actual decorator module implementation. It is in a distinct module
|
@@ -11,15 +11,43 @@ module Aws
|
|
11
11
|
|
12
12
|
def call(context)
|
13
13
|
context.operation.input.shape.members.each do |m, ref|
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
14
|
+
convert_jsonvalue(m, ref, context.params, 'params')
|
15
|
+
end
|
16
|
+
@handler.call(context)
|
17
|
+
end
|
18
|
+
|
19
|
+
def convert_jsonvalue(m, ref, params, context)
|
20
|
+
return if params.nil? || !params.key?(m)
|
21
|
+
|
22
|
+
if ref['jsonvalue']
|
23
|
+
params[m] = serialize_jsonvalue(params[m], "#{context}[#{m}]")
|
24
|
+
else
|
25
|
+
case ref.shape
|
26
|
+
when Seahorse::Model::Shapes::StructureShape
|
27
|
+
ref.shape.members.each do |member_m, ref|
|
28
|
+
convert_jsonvalue(member_m, ref, params[m], "#{context}[#{m}]")
|
29
|
+
end
|
30
|
+
when Seahorse::Model::Shapes::ListShape
|
31
|
+
if ref.shape.member['jsonvalue']
|
32
|
+
params[m] = params[m].each_with_index.map do |v, i|
|
33
|
+
serialize_jsonvalue(v, "#{context}[#{m}][#{i}]")
|
34
|
+
end
|
35
|
+
end
|
36
|
+
when Seahorse::Model::Shapes::MapShape
|
37
|
+
if ref.shape.value['jsonvalue']
|
38
|
+
params[m].each do |k, v|
|
39
|
+
params[m][k] = serialize_jsonvalue(v, "#{context}[#{m}][#{k}]")
|
40
|
+
end
|
18
41
|
end
|
19
|
-
context.params[m] = param_value.to_json
|
20
42
|
end
|
21
43
|
end
|
22
|
-
|
44
|
+
end
|
45
|
+
|
46
|
+
def serialize_jsonvalue(v, context)
|
47
|
+
unless v.respond_to?(:to_json)
|
48
|
+
raise ArgumentError, "The value of #{context} is not JSON serializable."
|
49
|
+
end
|
50
|
+
v.to_json
|
23
51
|
end
|
24
52
|
|
25
53
|
end
|
@@ -9,10 +9,10 @@ module Aws
|
|
9
9
|
class Handler < Seahorse::Client::Handler
|
10
10
|
def call(context)
|
11
11
|
|
12
|
-
unless context.http_request.headers.key?('x-
|
12
|
+
unless context.http_request.headers.key?('x-amzn-trace-id')
|
13
13
|
if ENV['AWS_LAMBDA_FUNCTION_NAME'] &&
|
14
|
-
(trace_id = ENV['
|
15
|
-
context.http_request.headers['x-
|
14
|
+
(trace_id = ENV['_X_AMZN_TRACE_ID'])
|
15
|
+
context.http_request.headers['x-amzn-trace-id'] = trace_id
|
16
16
|
end
|
17
17
|
end
|
18
18
|
@handler.call(context)
|
@@ -1,19 +1,16 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
3
|
module Aws
|
4
|
-
|
5
4
|
# A credential provider that executes a given process and attempts
|
6
|
-
# to read its stdout to recieve a JSON payload containing the credentials
|
7
|
-
#
|
8
|
-
# Automatically handles refreshing credentials if an Expiration time is
|
9
|
-
# provided in the credentials payload
|
10
|
-
#
|
11
|
-
# credentials = Aws::ProcessCredentials.new('/usr/bin/credential_proc').credentials
|
5
|
+
# to read its stdout to recieve a JSON payload containing the credentials.
|
12
6
|
#
|
7
|
+
# credentials = Aws::ProcessCredentials.new('/usr/bin/credential_proc')
|
13
8
|
# ec2 = Aws::EC2::Client.new(credentials: credentials)
|
14
9
|
#
|
15
|
-
#
|
16
|
-
#
|
10
|
+
# Automatically handles refreshing credentials if an Expiration time is
|
11
|
+
# provided in the credentials payload.
|
12
|
+
#
|
13
|
+
# @see https://docs.aws.amazon.com/cli/latest/topic/config-vars.html#sourcing-credentials-from-external-processes
|
17
14
|
class ProcessCredentials
|
18
15
|
|
19
16
|
include CredentialProvider
|
@@ -51,10 +51,12 @@ module Aws
|
|
51
51
|
@config_enabled = options[:config_enabled]
|
52
52
|
@credentials_path = options[:credentials_path] ||
|
53
53
|
determine_credentials_path
|
54
|
+
@credentials_path = File.expand_path(@credentials_path) if @credentials_path
|
54
55
|
@parsed_credentials = {}
|
55
56
|
load_credentials_file if loadable?(@credentials_path)
|
56
57
|
if @config_enabled
|
57
58
|
@config_path = options[:config_path] || determine_config_path
|
59
|
+
@config_path = File.expand_path(@config_path) if @config_path
|
58
60
|
load_config_file if loadable?(@config_path)
|
59
61
|
end
|
60
62
|
end
|
@@ -1,17 +1,12 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
3
|
module Aws
|
4
|
-
# An auto-refreshing credential provider that
|
5
|
-
#
|
6
|
-
# token.
|
4
|
+
# An auto-refreshing credential provider that assumes a role via
|
5
|
+
# {Aws::SSO::Client#get_role_credentials} using a cached access
|
6
|
+
# token. This class does NOT implement the SSO login token flow - tokens
|
7
7
|
# must generated and refreshed separately by running `aws login` from the
|
8
8
|
# AWS CLI with the correct profile.
|
9
9
|
#
|
10
|
-
# For more background on AWS SSO see the official
|
11
|
-
# {https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html what is SSO Userguide}
|
12
|
-
#
|
13
|
-
# ## Refreshing Credentials from SSO
|
14
|
-
#
|
15
10
|
# The `SSOCredentials` will auto-refresh the AWS credentials from SSO. In
|
16
11
|
# addition to AWS credentials expiring after a given amount of time, the
|
17
12
|
# access token generated and cached from `aws login` will also expire.
|
@@ -20,7 +15,6 @@ module Aws
|
|
20
15
|
# the token value, but this can be done by running `aws login` with the
|
21
16
|
# correct profile.
|
22
17
|
#
|
23
|
-
#
|
24
18
|
# # You must first run aws sso login --profile your-sso-profile
|
25
19
|
# sso_credentials = Aws::SSOCredentials.new(
|
26
20
|
# sso_account_id: '123456789',
|
@@ -28,11 +22,13 @@ module Aws
|
|
28
22
|
# sso_region: "us-east-1",
|
29
23
|
# sso_start_url: 'https://your-start-url.awsapps.com/start'
|
30
24
|
# )
|
31
|
-
#
|
32
25
|
# ec2 = Aws::EC2::Client.new(credentials: sso_credentials)
|
33
26
|
#
|
34
|
-
# If you omit `:client` option, a new {SSO::Client} object will be
|
35
|
-
# constructed.
|
27
|
+
# If you omit `:client` option, a new {Aws::SSO::Client} object will be
|
28
|
+
# constructed with additional options that were provided.
|
29
|
+
#
|
30
|
+
# @see Aws::SSO::Client#get_role_credentials
|
31
|
+
# @see https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html
|
36
32
|
class SSOCredentials
|
37
33
|
|
38
34
|
include CredentialProvider
|
@@ -28,18 +28,20 @@ module Aws
|
|
28
28
|
# in stdlib Struct.
|
29
29
|
#
|
30
30
|
# @return [Hash]
|
31
|
-
def to_h(obj = self)
|
31
|
+
def to_h(obj = self, options = {})
|
32
32
|
case obj
|
33
33
|
when Struct
|
34
34
|
obj.each_pair.with_object({}) do |(member, value), hash|
|
35
|
-
|
35
|
+
member = member.to_s if options[:as_json]
|
36
|
+
hash[member] = to_hash(value, options) unless value.nil?
|
36
37
|
end
|
37
38
|
when Hash
|
38
39
|
obj.each.with_object({}) do |(key, value), hash|
|
39
|
-
|
40
|
+
key = key.to_s if options[:as_json]
|
41
|
+
hash[key] = to_hash(value, options)
|
40
42
|
end
|
41
43
|
when Array
|
42
|
-
obj.collect { |value| to_hash(value) }
|
44
|
+
obj.collect { |value| to_hash(value, options) }
|
43
45
|
else
|
44
46
|
obj
|
45
47
|
end
|
@@ -24,6 +24,7 @@ module Aws
|
|
24
24
|
else
|
25
25
|
code, message, data = extract_error(body, context)
|
26
26
|
end
|
27
|
+
context[:request_id] = request_id(body)
|
27
28
|
errors_module = context.client.class.errors_module
|
28
29
|
error_class = errors_module.error_class(code).new(context, message, data)
|
29
30
|
error_class
|
@@ -94,6 +95,12 @@ module Aws
|
|
94
95
|
end
|
95
96
|
end
|
96
97
|
|
98
|
+
def request_id(body)
|
99
|
+
if matches = body.match(/<RequestId>(.+?)<\/RequestId>/m)
|
100
|
+
matches[1]
|
101
|
+
end
|
102
|
+
end
|
103
|
+
|
97
104
|
def unescape(str)
|
98
105
|
CGI.unescapeHTML(str)
|
99
106
|
end
|
data/lib/aws-sdk-sso/client.rb
CHANGED
@@ -358,11 +358,13 @@ module Aws::SSO
|
|
358
358
|
# The friendly name of the role that is assigned to the user.
|
359
359
|
#
|
360
360
|
# @option params [required, String] :account_id
|
361
|
-
# The identifier for the
|
361
|
+
# The identifier for the Amazon Web Services account that is assigned to
|
362
|
+
# the user.
|
362
363
|
#
|
363
364
|
# @option params [required, String] :access_token
|
364
365
|
# The token issued by the `CreateToken` API call. For more information,
|
365
|
-
# see [CreateToken][1] in the *
|
366
|
+
# see [CreateToken][1] in the *Amazon Web Services SSO OIDC API
|
367
|
+
# Reference Guide*.
|
366
368
|
#
|
367
369
|
#
|
368
370
|
#
|
@@ -396,7 +398,8 @@ module Aws::SSO
|
|
396
398
|
req.send_request(options)
|
397
399
|
end
|
398
400
|
|
399
|
-
# Lists all roles that are assigned to the user for a given
|
401
|
+
# Lists all roles that are assigned to the user for a given Amazon Web
|
402
|
+
# Services account.
|
400
403
|
#
|
401
404
|
# @option params [String] :next_token
|
402
405
|
# The page token from the previous response output when you request
|
@@ -407,14 +410,16 @@ module Aws::SSO
|
|
407
410
|
#
|
408
411
|
# @option params [required, String] :access_token
|
409
412
|
# The token issued by the `CreateToken` API call. For more information,
|
410
|
-
# see [CreateToken][1] in the *
|
413
|
+
# see [CreateToken][1] in the *Amazon Web Services SSO OIDC API
|
414
|
+
# Reference Guide*.
|
411
415
|
#
|
412
416
|
#
|
413
417
|
#
|
414
418
|
# [1]: https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html
|
415
419
|
#
|
416
420
|
# @option params [required, String] :account_id
|
417
|
-
# The identifier for the
|
421
|
+
# The identifier for the Amazon Web Services account that is assigned to
|
422
|
+
# the user.
|
418
423
|
#
|
419
424
|
# @return [Types::ListAccountRolesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
420
425
|
#
|
@@ -448,10 +453,11 @@ module Aws::SSO
|
|
448
453
|
req.send_request(options)
|
449
454
|
end
|
450
455
|
|
451
|
-
# Lists all
|
452
|
-
# assigned by the administrator of the
|
453
|
-
# see [Assign User Access][1] in the
|
454
|
-
# operation returns a
|
456
|
+
# Lists all Amazon Web Services accounts assigned to the user. These
|
457
|
+
# Amazon Web Services accounts are assigned by the administrator of the
|
458
|
+
# account. For more information, see [Assign User Access][1] in the
|
459
|
+
# *Amazon Web Services SSO User Guide*. This operation returns a
|
460
|
+
# paginated response.
|
455
461
|
#
|
456
462
|
#
|
457
463
|
#
|
@@ -466,7 +472,8 @@ module Aws::SSO
|
|
466
472
|
#
|
467
473
|
# @option params [required, String] :access_token
|
468
474
|
# The token issued by the `CreateToken` API call. For more information,
|
469
|
-
# see [CreateToken][1] in the *
|
475
|
+
# see [CreateToken][1] in the *Amazon Web Services SSO OIDC API
|
476
|
+
# Reference Guide*.
|
470
477
|
#
|
471
478
|
#
|
472
479
|
#
|
@@ -504,12 +511,33 @@ module Aws::SSO
|
|
504
511
|
req.send_request(options)
|
505
512
|
end
|
506
513
|
|
507
|
-
# Removes the
|
508
|
-
# the
|
514
|
+
# Removes the locally stored SSO tokens from the client-side cache and
|
515
|
+
# sends an API call to the Amazon Web Services SSO service to invalidate
|
516
|
+
# the corresponding server-side Amazon Web Services SSO sign in session.
|
517
|
+
#
|
518
|
+
# <note markdown="1"> If a user uses Amazon Web Services SSO to access the AWS CLI, the
|
519
|
+
# user’s Amazon Web Services SSO sign in session is used to obtain an
|
520
|
+
# IAM session, as specified in the corresponding Amazon Web Services SSO
|
521
|
+
# permission set. More specifically, Amazon Web Services SSO assumes an
|
522
|
+
# IAM role in the target account on behalf of the user, and the
|
523
|
+
# corresponding temporary Amazon Web Services credentials are returned
|
524
|
+
# to the client.
|
525
|
+
#
|
526
|
+
# After user logout, any existing IAM role sessions that were created by
|
527
|
+
# using Amazon Web Services SSO permission sets continue based on the
|
528
|
+
# duration configured in the permission set. For more information, see
|
529
|
+
# [User authentications][1] in the *Amazon Web Services SSO User Guide*.
|
530
|
+
#
|
531
|
+
# </note>
|
532
|
+
#
|
533
|
+
#
|
534
|
+
#
|
535
|
+
# [1]: https://docs.aws.amazon.com/singlesignon/latest/userguide/authconcept.html
|
509
536
|
#
|
510
537
|
# @option params [required, String] :access_token
|
511
538
|
# The token issued by the `CreateToken` API call. For more information,
|
512
|
-
# see [CreateToken][1] in the *
|
539
|
+
# see [CreateToken][1] in the *Amazon Web Services SSO OIDC API
|
540
|
+
# Reference Guide*.
|
513
541
|
#
|
514
542
|
#
|
515
543
|
#
|
@@ -545,7 +573,7 @@ module Aws::SSO
|
|
545
573
|
params: params,
|
546
574
|
config: config)
|
547
575
|
context[:gem_name] = 'aws-sdk-core'
|
548
|
-
context[:gem_version] = '3.
|
576
|
+
context[:gem_version] = '3.132.0'
|
549
577
|
Seahorse::Client::Request.new(handlers, context)
|
550
578
|
end
|
551
579
|
|
data/lib/aws-sdk-sso/types.rb
CHANGED
@@ -10,18 +10,21 @@
|
|
10
10
|
module Aws::SSO
|
11
11
|
module Types
|
12
12
|
|
13
|
-
# Provides information about your
|
13
|
+
# Provides information about your Amazon Web Services account.
|
14
14
|
#
|
15
15
|
# @!attribute [rw] account_id
|
16
|
-
# The identifier of the
|
16
|
+
# The identifier of the Amazon Web Services account that is assigned
|
17
|
+
# to the user.
|
17
18
|
# @return [String]
|
18
19
|
#
|
19
20
|
# @!attribute [rw] account_name
|
20
|
-
# The display name of the
|
21
|
+
# The display name of the Amazon Web Services account that is assigned
|
22
|
+
# to the user.
|
21
23
|
# @return [String]
|
22
24
|
#
|
23
25
|
# @!attribute [rw] email_address
|
24
|
-
# The email address of the
|
26
|
+
# The email address of the Amazon Web Services account that is
|
27
|
+
# assigned to the user.
|
25
28
|
# @return [String]
|
26
29
|
#
|
27
30
|
# @see http://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10/AccountInfo AWS API Documentation
|
@@ -48,13 +51,14 @@ module Aws::SSO
|
|
48
51
|
# @return [String]
|
49
52
|
#
|
50
53
|
# @!attribute [rw] account_id
|
51
|
-
# The identifier for the
|
54
|
+
# The identifier for the Amazon Web Services account that is assigned
|
55
|
+
# to the user.
|
52
56
|
# @return [String]
|
53
57
|
#
|
54
58
|
# @!attribute [rw] access_token
|
55
59
|
# The token issued by the `CreateToken` API call. For more
|
56
|
-
# information, see [CreateToken][1] in the *
|
57
|
-
# Guide*.
|
60
|
+
# information, see [CreateToken][1] in the *Amazon Web Services SSO
|
61
|
+
# OIDC API Reference Guide*.
|
58
62
|
#
|
59
63
|
#
|
60
64
|
#
|
@@ -118,8 +122,8 @@ module Aws::SSO
|
|
118
122
|
#
|
119
123
|
# @!attribute [rw] access_token
|
120
124
|
# The token issued by the `CreateToken` API call. For more
|
121
|
-
# information, see [CreateToken][1] in the *
|
122
|
-
# Guide*.
|
125
|
+
# information, see [CreateToken][1] in the *Amazon Web Services SSO
|
126
|
+
# OIDC API Reference Guide*.
|
123
127
|
#
|
124
128
|
#
|
125
129
|
#
|
@@ -127,7 +131,8 @@ module Aws::SSO
|
|
127
131
|
# @return [String]
|
128
132
|
#
|
129
133
|
# @!attribute [rw] account_id
|
130
|
-
# The identifier for the
|
134
|
+
# The identifier for the Amazon Web Services account that is assigned
|
135
|
+
# to the user.
|
131
136
|
# @return [String]
|
132
137
|
#
|
133
138
|
# @see http://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10/ListAccountRolesRequest AWS API Documentation
|
@@ -179,8 +184,8 @@ module Aws::SSO
|
|
179
184
|
#
|
180
185
|
# @!attribute [rw] access_token
|
181
186
|
# The token issued by the `CreateToken` API call. For more
|
182
|
-
# information, see [CreateToken][1] in the *
|
183
|
-
# Guide*.
|
187
|
+
# information, see [CreateToken][1] in the *Amazon Web Services SSO
|
188
|
+
# OIDC API Reference Guide*.
|
184
189
|
#
|
185
190
|
#
|
186
191
|
#
|
@@ -224,8 +229,8 @@ module Aws::SSO
|
|
224
229
|
#
|
225
230
|
# @!attribute [rw] access_token
|
226
231
|
# The token issued by the `CreateToken` API call. For more
|
227
|
-
# information, see [CreateToken][1] in the *
|
228
|
-
# Guide*.
|
232
|
+
# information, see [CreateToken][1] in the *Amazon Web Services SSO
|
233
|
+
# OIDC API Reference Guide*.
|
229
234
|
#
|
230
235
|
#
|
231
236
|
#
|
@@ -259,7 +264,8 @@ module Aws::SSO
|
|
259
264
|
# @!attribute [rw] access_key_id
|
260
265
|
# The identifier used for the temporary security credentials. For more
|
261
266
|
# information, see [Using Temporary Security Credentials to Request
|
262
|
-
# Access to
|
267
|
+
# Access to Amazon Web Services Resources][1] in the *Amazon Web
|
268
|
+
# Services IAM User Guide*.
|
263
269
|
#
|
264
270
|
#
|
265
271
|
#
|
@@ -268,8 +274,9 @@ module Aws::SSO
|
|
268
274
|
#
|
269
275
|
# @!attribute [rw] secret_access_key
|
270
276
|
# The key that is used to sign the request. For more information, see
|
271
|
-
# [Using Temporary Security Credentials to Request Access to
|
272
|
-
# Resources][1] in the *
|
277
|
+
# [Using Temporary Security Credentials to Request Access to Amazon
|
278
|
+
# Web Services Resources][1] in the *Amazon Web Services IAM User
|
279
|
+
# Guide*.
|
273
280
|
#
|
274
281
|
#
|
275
282
|
#
|
@@ -278,8 +285,9 @@ module Aws::SSO
|
|
278
285
|
#
|
279
286
|
# @!attribute [rw] session_token
|
280
287
|
# The token used for temporary credentials. For more information, see
|
281
|
-
# [Using Temporary Security Credentials to Request Access to
|
282
|
-
# Resources][1] in the *
|
288
|
+
# [Using Temporary Security Credentials to Request Access to Amazon
|
289
|
+
# Web Services Resources][1] in the *Amazon Web Services IAM User
|
290
|
+
# Guide*.
|
283
291
|
#
|
284
292
|
#
|
285
293
|
#
|
@@ -308,7 +316,8 @@ module Aws::SSO
|
|
308
316
|
# @return [String]
|
309
317
|
#
|
310
318
|
# @!attribute [rw] account_id
|
311
|
-
# The identifier of the
|
319
|
+
# The identifier of the Amazon Web Services account assigned to the
|
320
|
+
# user.
|
312
321
|
# @return [String]
|
313
322
|
#
|
314
323
|
# @see http://docs.aws.amazon.com/goto/WebAPI/sso-2019-06-10/RoleInfo AWS API Documentation
|
data/lib/aws-sdk-sso.rb
CHANGED
data/lib/aws-sdk-sts/client.rb
CHANGED
@@ -2145,6 +2145,14 @@ module Aws::STS
|
|
2145
2145
|
# Credentials][1] and [Comparing the Amazon Web Services STS API
|
2146
2146
|
# operations][2] in the *IAM User Guide*.
|
2147
2147
|
#
|
2148
|
+
# <note markdown="1"> No permissions are required for users to perform this operation. The
|
2149
|
+
# purpose of the `sts:GetSessionToken` operation is to authenticate the
|
2150
|
+
# user using MFA. You cannot use policies to control authentication
|
2151
|
+
# operations. For more information, see [Permissions for
|
2152
|
+
# GetSessionToken][3] in the *IAM User Guide*.
|
2153
|
+
#
|
2154
|
+
# </note>
|
2155
|
+
#
|
2148
2156
|
# **Session Duration**
|
2149
2157
|
#
|
2150
2158
|
# The `GetSessionToken` operation must be called by using the long-term
|
@@ -2170,7 +2178,7 @@ module Aws::STS
|
|
2170
2178
|
#
|
2171
2179
|
# <note markdown="1"> We recommend that you do not call `GetSessionToken` with Amazon Web
|
2172
2180
|
# Services account root user credentials. Instead, follow our [best
|
2173
|
-
# practices][
|
2181
|
+
# practices][4] by creating one or more IAM users, giving them the
|
2174
2182
|
# necessary permissions, and using IAM users for everyday interaction
|
2175
2183
|
# with Amazon Web Services.
|
2176
2184
|
#
|
@@ -2186,14 +2194,15 @@ module Aws::STS
|
|
2186
2194
|
#
|
2187
2195
|
# For more information about using `GetSessionToken` to create temporary
|
2188
2196
|
# credentials, go to [Temporary Credentials for Users in Untrusted
|
2189
|
-
# Environments][
|
2197
|
+
# Environments][5] in the *IAM User Guide*.
|
2190
2198
|
#
|
2191
2199
|
#
|
2192
2200
|
#
|
2193
2201
|
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html
|
2194
2202
|
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison
|
2195
|
-
# [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/
|
2196
|
-
# [4]: https://docs.aws.amazon.com/IAM/latest/UserGuide/
|
2203
|
+
# [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_getsessiontoken.html
|
2204
|
+
# [4]: https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#create-iam-users
|
2205
|
+
# [5]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getsessiontoken
|
2197
2206
|
#
|
2198
2207
|
# @option params [Integer] :duration_seconds
|
2199
2208
|
# The duration, in seconds, that the credentials should remain valid.
|
@@ -2290,7 +2299,7 @@ module Aws::STS
|
|
2290
2299
|
params: params,
|
2291
2300
|
config: config)
|
2292
2301
|
context[:gem_name] = 'aws-sdk-core'
|
2293
|
-
context[:gem_version] = '3.
|
2302
|
+
context[:gem_version] = '3.132.0'
|
2294
2303
|
Seahorse::Client::Request.new(handlers, context)
|
2295
2304
|
end
|
2296
2305
|
|
data/lib/aws-sdk-sts.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: aws-sdk-core
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 3.
|
4
|
+
version: 3.132.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Amazon Web Services
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2022-
|
11
|
+
date: 2022-08-08 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: jmespath
|
@@ -16,14 +16,20 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - "~>"
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: '1
|
19
|
+
version: '1'
|
20
|
+
- - ">="
|
21
|
+
- !ruby/object:Gem::Version
|
22
|
+
version: 1.6.1
|
20
23
|
type: :runtime
|
21
24
|
prerelease: false
|
22
25
|
version_requirements: !ruby/object:Gem::Requirement
|
23
26
|
requirements:
|
24
27
|
- - "~>"
|
25
28
|
- !ruby/object:Gem::Version
|
26
|
-
version: '1
|
29
|
+
version: '1'
|
30
|
+
- - ">="
|
31
|
+
- !ruby/object:Gem::Version
|
32
|
+
version: 1.6.1
|
27
33
|
- !ruby/object:Gem::Dependency
|
28
34
|
name: aws-partitions
|
29
35
|
requirement: !ruby/object:Gem::Requirement
|